Free iPhone rogue applications run riot on Facebook, warns Sophos

October 05, 2010 Sophos Press Release

IT security and data protection firm Sophos is warning Facebook users about messages currently circulating on the social network claiming that friends have received free iPhones. These messages, which have been spreading widely since Sunday, invite others to participate in the scheme. However, the messages are being sent by rogue applications that users have allowed to access their profiles and post messages to their walls.

Messages appear as status updates and many read:

Just testing Facebook for iPhone out :P Received my free iPhone today, so happy lol... If anyone else wants one go here: <LINK>

Or:

Anyone want my old phone? Claimed my free iPhone today, so happy lol... If anyone else wants one go here: <LINK>

Facebook users who click on the link advertised by their friends are then asked if they want to "Allow" this application to access their basic information. Participants who allow this are then redirected to a webpage which will earn commission for the spammers behind the scam.

"If you've fallen for this trick, I wouldn't hold your breath waiting for a new iPhone," said Graham Cluley, senior technology consultant at Sophos. "Facebook users need to learn to think before they 'like' and 'share' suspicious pages on Facebook. Just because something appears on a friend's wall, it doesn't mean that it is from a reliable source, and by giving unknown applications access to your Facebook page, you could unknowingly continue to help to spread scams and earn cash for the spammers."

Impacted users should delete references to the free iPhone scam from their wall, and remove the offending application from Account/Application Settings.

More information about the attack can be found on Graham Cluley's blog.